[SAC] [OSGeo] #2300: osgeo.org change password not working

OSGeoTrac · May 1, 2019, 10:50pm

#2300: osgeo.org change password not working
---------------------------+--------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2019-I
Component: Systems Admin | Keywords:
---------------------------+--------------------------------------
As reported on -
https://lists.osgeo.org/pipermail/sac/2019-May/010998.html

The page for changing one's own password that's linked off the profile
page of www.osgeo.org, does not work, here's how to reproduce:

Go to https://www.osgeo.org/, click "Sign In" in top-right corner, sign
in, you will land on the "Profile" page.

Scroll down a bit, under "About Yourself" there's a link that says

To change your OSGeo password, go to: https://id.osgeo.org/ldap/edit

That link returns HTTP status 403 Forbidden.

The (similar) reset link seems to work fine.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2300>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · May 1, 2019, 11:28pm

#2300: osgeo.org change password not working
---------------------------+---------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: closed
Priority: normal | Milestone: Sysadmin Contract 2019-I
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------------------------
Changes (by robe):

* status: new => closed
* resolution: => fixed

Comment:

The issue was that since I have id.osgeo.org on osgeo7 now, I had switched
to using the http mode since nginx is handling the https.

But apache is still seeing the connection as http which evidentally this
piece of code relies on it being https. I had similar issue with
dev.osgeo.org and was able to resolve there by setting the

{{{
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
}}}

https://codex.wordpress.org/Administration_Over_SSL

The article says you can do something similar with the .htaccess file, but
not quite sure where on the server this is.

So what I ended up doing is turning back on ssl mode and proxying thru
ssl.

The certificate it is will expire today (but I don't think that muuch
matters to it or nginx) since nginx trusts it and will ignore the
expiredness and nthe client browser is responsible for checking the
certificate is valid and will be given the valid letsencrypt nginx cert.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2300#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.